From b4693870ba647455e6bd0a3919a544130cee118b Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 9 Feb 2021 13:50:03 +0000 Subject: port Lib/Crypto from zap --- include/account.php | 36 +++++++++-------- include/channel.php | 17 ++++---- include/crypto.php | 7 ++-- include/dir_fns.php | 3 +- include/follow.php | 18 +++++---- include/items.php | 7 ++-- include/text.php | 11 +++++- include/xchan.php | 13 +++--- include/zot.php | 111 ++++++++++++++++++++++++++-------------------------- 9 files changed, 121 insertions(+), 102 deletions(-) (limited to 'include') diff --git a/include/account.php b/include/account.php index bea84cea7..34936c33f 100644 --- a/include/account.php +++ b/include/account.php @@ -4,6 +4,8 @@ * @brief Somme account related functions. */ +use Zotlabs\Lib\Crypto; + require_once('include/config.php'); require_once('include/network.php'); require_once('include/plugin.php'); @@ -26,8 +28,8 @@ function check_account_email($email) { $email = punify($email); $result = array('error' => false, 'message' => ''); - // Caution: empty email isn't counted as an error in this function. - // Check for empty value separately. + // Caution: empty email isn't counted as an error in this function. + // Check for empty value separately. if(! strlen($email)) return $result; @@ -36,7 +38,7 @@ function check_account_email($email) { $result['message'] .= t('Not a valid email address') . EOL; elseif(! allowed_email($email)) $result['message'] = t('Your email domain is not among those allowed on this site'); - else { + else { $r = q("select account_email from account where account_email = '%s' limit 1", dbesc($email) ); @@ -175,7 +177,7 @@ function create_account($arr) { // Ensure that there is a host keypair. if ((! get_config('system', 'pubkey')) && (! get_config('system', 'prvkey'))) { - $hostkey = new_keypair(4096); + $hostkey = Crypto::new_keypair(4096); set_config('system', 'pubkey', $hostkey['pubkey']); set_config('system', 'prvkey', $hostkey['prvkey']); } 
@@ -306,8 +308,8 @@ function verify_email_address($arr) { ); $res = z_mail( - [ - 'toEmail' => $arr['email'], + [ + 'toEmail' => $arr['email'], 'messageSubject' => sprintf( t('Registration confirmation for %s'), get_config('system','sitename')), 'textVersion' => $email_msg, ] @@ -375,8 +377,8 @@ function send_reg_approval_email($arr) { )); $res = z_mail( - [ - 'toEmail' => $admin['email'], + [ + 'toEmail' => $admin['email'], 'messageSubject' => sprintf( t('Registration request at %s'), get_config('system','sitename')), 'textVersion' => $email_msg, ] @@ -403,7 +405,7 @@ function send_register_success_email($email,$password) { )); $res = z_mail( - [ + [ 'toEmail' => $email, 'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')), 'textVersion' => $email_msg, @@ -446,7 +448,7 @@ function account_allow($hash) { intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), @@ -466,7 +468,7 @@ function account_allow($hash) { )); $res = z_mail( - [ + [ 'toEmail' => $account[0]['account_email'], 'messageSubject' => sprintf( t('Registration details for %s'), get_config('system','sitename')), 'textVersion' => $email_msg, @@ -556,13 +558,13 @@ function account_approve($hash) { intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) ); - + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_UNVERIFIED), @@ -583,7 +585,7 @@ function account_approve($hash) { else { $_SESSION['login_return_url'] = 'new_channel'; authenticate_success($account[0],null,true,true,false,true); - } + } return true; } 
@@ -592,14 +594,14 @@ function account_approve($hash) { /** * @brief Checks for accounts that have past their expiration date. * - * If the account has a service class which is not the site default, + * If the account has a service class which is not the site default, * the service class is reset to the site default and expiration reset to never. * If the account has no service class it is expired and subsequently disabled. * called from include/poller.php as a scheduled task. * * Reclaiming resources which are no longer within the service class limits is - * not the job of this function, but this can be implemented by plugin if desired. - * Default behaviour is to stop allowing additional resources to be consumed. + * not the job of this function, but this can be implemented by plugin if desired. + * Default behaviour is to stop allowing additional resources to be consumed. */ function downgrade_accounts() { diff --git a/include/channel.php b/include/channel.php index 2d79cd074..08b5ee889 100644 --- a/include/channel.php +++ b/include/channel.php @@ -9,6 +9,7 @@ use Zotlabs\Access\PermissionRoles; use Zotlabs\Access\PermissionLimits; use Zotlabs\Access\Permissions; use Zotlabs\Daemon\Master; +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\System; use Zotlabs\Render\Comanche; use Zotlabs\Lib\Libzot; @@ -107,7 +108,7 @@ function create_sys_channel() { if ((! get_config('system', 'pubkey')) && (! get_config('system', 'prvkey'))) { require_once('include/crypto.php'); - $hostkey = new_keypair(4096); + $hostkey = Crypto::new_keypair(4096); set_config('system', 'pubkey', $hostkey['pubkey']); set_config('system', 'prvkey', $hostkey['prvkey']); } @@ -232,10 +233,10 @@ function create_identity($arr) { } $guid = Libzot::new_uid($nick); - $key = new_keypair(4096); + $key = Crypto::new_keypair(4096); // legacy zot - $zsig = base64url_encode(rsa_sign($guid,$key['prvkey'])); + $zsig = base64url_encode(Crypto::sign($guid,$key['prvkey'])); $zhash = make_xchan_hash($guid,$zsig); // zot6 
@@ -345,7 +346,7 @@ function create_identity($arr) { 'hubloc_addr' => channel_reddress($ret['channel']), 'hubloc_primary' => intval($primary), 'hubloc_url' => z_root(), - 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$ret['channel']['channel_prvkey'])), + 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$ret['channel']['channel_prvkey'])), 'hubloc_host' => App::get_hostname(), 'hubloc_callback' => z_root() . '/post', 'hubloc_sitekey' => get_config('system','pubkey'), @@ -603,9 +604,9 @@ function change_channel_keys($channel) { $stored = []; - $key = new_keypair(4096); + $key = Crypto::new_keypair(4096); - $sig = base64url_encode(rsa_sign($channel['channel_guid'],$key['prvkey'])); + $sig = base64url_encode(Crypto::sign($channel['channel_guid'],$key['prvkey'])); $hash = make_xchan_hash($channel['channel_guid'],$sig); $stored['old_guid'] = $channel['channel_guid']; @@ -614,7 +615,7 @@ function change_channel_keys($channel) { $stored['old_hash'] = $channel['channel_hash']; $stored['new_key'] = $key['pubkey']; - $stored['new_sig'] = base64url_encode(rsa_sign($key['pubkey'],$channel['channel_prvkey'])); + $stored['new_sig'] = base64url_encode(Crypto::sign($key['pubkey'],$channel['channel_prvkey'])); // Save this info for the notifier to collect @@ -651,7 +652,7 @@ function change_channel_keys($channel) { foreach($h as $hv) { $hv['hubloc_guid_sig'] = $sig; $hv['hubloc_hash'] = $hash; - $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$modified['channel_prvkey'])); + $hv['hubloc_url_sig'] = base64url_encode(Crypto::sign(z_root(),$modified['channel_prvkey'])); hubloc_store_lowlevel($hv); } } diff --git a/include/crypto.php b/include/crypto.php index 84d639f3f..d91d3749c 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -1,5 +1,7 @@ $j['permissions']['data'], 'alg' => $j['permissions']['alg'], 'key' => $j['permissions']['key'], 
@@ -140,7 +142,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $xchan_hash = ''; $sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : ''); - + $r = q("select * from xchan where (xchan_addr = '%s' or xchan_url = '%s') $sql_options ", dbesc($url), diff --git a/include/items.php b/include/items.php index 83108455f..223fba147 100644 --- a/include/items.php +++ b/include/items.php @@ -4,6 +4,7 @@ * @brief Items related functions. */ +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\Enotify; use Zotlabs\Lib\MarkdownSoap; use Zotlabs\Lib\MessageFilter; @@ -1652,7 +1653,7 @@ function item_sign(&$item) { if(! $r) return; - $item['sig'] = base64url_encode(rsa_sign($item['body'], $r[0]['channel_prvkey'])); + $item['sig'] = base64url_encode(Crypto::sign($item['body'], $r[0]['channel_prvkey'])); $item['item_verified'] = 1; } @@ -2971,7 +2972,7 @@ function item_community_tag($channel,$item) { $pitem = $items[0]; $auth = get_iconfig($item,'system','communitytagauth'); if($auth) { - if(rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || rsa_verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) { + if(Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['owner']['xchan_pubkey']) || Crypto::verify('tagauth.' . $item['mid'],base64url_decode($auth),$pitem['author']['xchan_pubkey'])) { logger('tag_deliver: tagging the post: ' . $channel['channel_name']); $tag_the_post = true; } 
@@ -2980,7 +2981,7 @@ function item_community_tag($channel,$item) { if(($pitem['owner_xchan'] === $channel['channel_hash']) && (! intval(get_pconfig($channel['channel_id'],'system','blocktags')))) { logger('tag_deliver: community tag recipient: ' . $channel['channel_name']); $tag_the_post = true; - $sig = rsa_sign('tagauth.' . $item['mid'],$channel['channel_prvkey']); + $sig = Crypto::sign('tagauth.' . $item['mid'],$channel['channel_prvkey']); logger('tag_deliver: setting iconfig for ' . $item['id']); set_iconfig($item['id'],'system','communitytagauth',base64url_encode($sig),1); } diff --git a/include/text.php b/include/text.php index 1e08d136c..b7cc0ba20 100644 --- a/include/text.php +++ b/include/text.php @@ -9,6 +9,7 @@ use Michelf\MarkdownExtra; use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Exception\UnableToBuildUuidException; +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\SvgSanitizer; require_once("include/bbcode.php"); @@ -3248,7 +3249,7 @@ function item_url_replace($channel,&$item,$old,$new,$oldnick = '') { $item['body'] = preg_replace("/(\[zrl=".preg_quote($old,'/')."\/(photo|photos|gallery)\/".$channel['channel_address'].".+\]\[zmg=\d+x\d+\])".preg_quote($old,'/')."\/(.+\[\/zmg\])/", '${1}'.$new.'/${3}', $item['body']); $item['body'] = preg_replace("/".preg_quote($old,'/')."\/(search|\w+\/".$channel['channel_address'].")/", $new.'/${1}', $item['body']); - $item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey'])); + $item['sig'] = base64url_encode(Crypto::sign($item['body'],$channel['channel_prvkey'])); $item['item_verified'] = 1; $item['plink'] = str_replace($old,$new,$item['plink']); @@ -3881,6 +3882,14 @@ function unserialise($x) { return ((is_array($y)) ? $y : $x); } +function obscurify($s) { + return str_rot47(base64url_encode($s)); +} + +function unobscurify($s) { + return base64url_decode(str_rot47($s)); +} + /** * @brief Remove new lines and tabs from strings. * 
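Review bot: `obscurify()` and `unobscurify()` are added to include/text.php without a docblock, and the names invite callers to treat them as protection for data. The bodies only apply base64url encoding followed by ROT47, which anyone can reverse without a key, so they give neither confidentiality nor integrity. I would add a docblock in the file's existing `@brief` style, e.g. `@brief Reversibly obscure a string (base64url + ROT47). This is obfuscation, not encryption; do not use it for secrets.`, with a matching one on `unobscurify()`.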
diff --git a/include/xchan.php b/include/xchan.php index 5de828e7f..07fdb8b47 100644 --- a/include/xchan.php +++ b/include/xchan.php @@ -1,5 +1,6 @@ ', '<' . $newxchan['xchan_hash'] . '>', + dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>', $rv[$allow])), - dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>', + dbesc(str_replace('<' . $oldxchan['xchan_hash'] . '>', '<' . $newxchan['xchan_hash'] . '>', $rv[$deny])), intval($rv[$column]) ); @@ -243,7 +244,7 @@ function xchan_change_key($oldx,$newx,$data) { 'xprof' => 'xprof_hash', 'xtag' => 'xtag_hash' ]; - + $acls = [ 'channel' => 'channel_id', diff --git a/include/zot.php b/include/zot.php index d61873ba2..f96792656 100644 --- a/include/zot.php +++ b/include/zot.php @@ -8,6 +8,7 @@ * */ +use Zotlabs\Lib\Crypto; use Zotlabs\Lib\DReport; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\Activity; @@ -123,15 +124,15 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot 'type' => $type, 'sender' => [ 'guid' => $channel['channel_guid'], - 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)), + 'guid_sig' => base64url_encode(Crypto::sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)), 'url' => z_root(), - 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)), + 'url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'],$sig_method)), 'sitekey' => get_config('system','pubkey') ], 'callback' => '/post', 'version' => Zotlabs\Lib\System::get_zot_revision(), - 'encryption' => crypto_methods(), - 'signing' => signing_methods() + 'encryption' => Crypto::methods(), + 'signing' => Crypto::signing_methods() ]; if ($recipients) { 
@@ -143,7 +144,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot if ($secret) { $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret); - $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); + $data['secret_sig'] = base64url_encode(Crypto::sign($secret,$channel['channel_prvkey'],$sig_method)); } if ($extra) { @@ -157,7 +158,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot if($remote_key) { $algorithm = zot_best_algorithm($methods); - $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm); + $data = Crypto::encapsulate(json_encode($data),$remote_key, $algorithm); } return json_encode($data); @@ -197,15 +198,15 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg 'type' => $type, 'sender' => [ 'guid' => $channel['channel_guid'], - 'guid_sig' => base64url_encode(rsa_sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)), + 'guid_sig' => base64url_encode(Crypto::sign($channel['channel_guid'],$channel['channel_prvkey'],$sig_method)), 'url' => z_root(), - 'url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'],$sig_method)), + 'url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'],$sig_method)), 'sitekey' => get_config('system','pubkey') ], 'callback' => '/post', 'version' => Zotlabs\Lib\System::get_zot_revision(), - 'encryption' => crypto_methods(), - 'signing' => signing_methods() + 'encryption' => Crypto::methods(), + 'signing' => Crypto::signing_methods() ]; if ($recipients) { 
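Review bot: In the `if ($secret)` block of zot_build_packet, `$data['secret']` carries the value stripped to hex digits while `secret_sig` is computed over the unstripped `$secret`, so the two disagree whenever `$secret` contains any other character. The receiving side shown in zot_reply_auth_check verifies `$data['secret']` against `secret_sig`, so such a packet would be rejected. Sign the value that is actually sent: `$data['secret_sig'] = base64url_encode(Crypto::sign($data['secret'],$channel['channel_prvkey'],$sig_method));`. The same pattern appears in the zot6_build_packet hunk at -221,7 +222,7. Both functions start and end outside their hunks.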
@@ -221,7 +222,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg if ($secret) { $data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret); - $data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey'],$sig_method)); + $data['secret_sig'] = base64url_encode(Crypto::sign($secret,$channel['channel_prvkey'],$sig_method)); } if ($extra) { @@ -235,7 +236,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg if($remote_key) { $algorithm = zot_best_algorithm($methods); - $data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm); + $data = Crypto::encapsulate(json_encode($data),$remote_key, $algorithm); } return json_encode($data); @@ -249,7 +250,7 @@ function zot6_build_packet($channel, $type = 'notify', $recipients = null, $msg * * @param string $methods * comma separated list of encryption methods - * @return string first match from our site method preferences crypto_methods() array + * @return string first match from our site method preferences Crypto::methods() array * of a method which is common to both sites; or 'aes256cbc' if no matches are found. */ function zot_best_algorithm($methods) { @@ -272,7 +273,7 @@ function zot_best_algorithm($methods) { if($methods) { $x = explode(',', $methods); if($x) { - $y = crypto_methods(); + $y = Crypto::methods(); if($y) { foreach($y as $yv) { $yv = trim($yv); @@ -443,7 +444,7 @@ function zot_refresh($them, $channel = null, $force = false) { $signed_token = ((is_array($j) && array_key_exists('signed_token',$j)) ? $j['signed_token'] : null); if($signed_token) { - $valid = rsa_verify('token.' . $token,base64url_decode($signed_token),$j['key']); + $valid = Crypto::verify('token.' . $token,base64url_decode($signed_token),$j['key']); if(! $valid) { logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR); return false; 
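Review bot: The `signed_token` check in zot_refresh verifies the signature with `$j['key']`, a key taken from the same remote response that carries the signature, and it runs only when `signed_token` is present. On its own that shows the responder holds the private half of whatever key it advertises, not that the key belongs to the channel being refreshed. The handling of a missing token, and any comparison of `$j['key']` with a stored `xchan_pubkey`, lie outside the hunk. If neither exists, the function should fail closed on a missing token and compare against the known key for an existing xchan. At minimum I would record the assumption next to the call: `// NOTE: $j['key'] is self-asserted by the responder; this check alone does not bind it to a known identity`.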
@@ -461,7 +462,7 @@ function zot_refresh($them, $channel = null, $force = false) { if($channel) { if($j['permissions']['data']) { - $permissions = crypto_unencapsulate( + $permissions = Crypto::unencapsulate( [ 'data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], @@ -719,8 +720,8 @@ function zot_register_hub($arr) { */ foreach($sig_methods as $method) { - if((rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method)) - && (rsa_verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method)) + if((Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$record['key'],$method)) + && (Crypto::verify($arr['url'],base64url_decode($arr['url_sig']),$record['key'],$method)) && ($arr['guid'] === $record['guid']) && ($arr['guid_sig'] === $record['guid_sig'])) { $c = import_xchan($record); @@ -790,7 +791,7 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $verified = false; foreach($sig_methods as $method) { - if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) { + if(! Crypto::verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'],$method)) { logger('Unable to verify channel signature for ' . $arr['address'] . ' using ' . $method); continue; } 
@@ -925,28 +926,28 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { $local = q("select channel_account_id, channel_id from channel where channel_portable_id = '%s' limit 1", dbesc($xchan_hash) ); - + if($local) { - // @FIXME This should be removed in future when profile photo update by file sync procedure will be applied + // @FIXME This should be removed in future when profile photo update by file sync procedure will be applied // on most hubs in the network // <--- $ph = z_fetch_url($arr['photo'], true); - + if($ph['success']) { - + // Do not fetch already received thumbnails $x = q("SELECT resource_id FROM photo WHERE uid = %d AND imgscale = %d AND filesize = %d LIMIT 1", intval($local[0]['channel_id']), intval(PHOTO_RES_PROFILE_300), strlen($ph['body']) - ); + ); if($x) $hash = $x[0]['resource_id']; else $hash = import_channel_photo($ph['body'], $arr['photo_mimetype'], $local[0]['channel_account_id'], $local[0]['channel_id']); } - + if($hash) { // unless proven otherwise $is_default_profile = 1; @@ -972,7 +973,7 @@ function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { } } // ---> - + // reset the names in case they got messed up when we had a bug in this function $photos = array( z_root() . '/photo/profile/l/' . $local[0]['channel_id'], @@ -1128,7 +1129,7 @@ function zot_process_response($hub, $arr, $outq) { if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) { if(array_key_exists('iv',$x['delivery_report'])) { - $j = crypto_unencapsulate($x['delivery_report'],get_config('system','prvkey')); + $j = Crypto::unencapsulate($x['delivery_report'],get_config('system','prvkey')); if($j) { $x['delivery_report'] = json_decode($j,true); } 
@@ -1253,14 +1254,14 @@ function zot_fetch($arr) { $data = [ 'type' => 'pickup', 'url' => z_root(), - 'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))), + 'callback_sig' => base64url_encode(Crypto::sign(z_root() . '/post', get_config('system','prvkey'))), 'callback' => z_root() . '/post', 'secret' => $secret, - 'secret_sig' => base64url_encode(rsa_sign($secret, get_config('system','prvkey'))) + 'secret_sig' => base64url_encode(Crypto::sign($secret, get_config('system','prvkey'))) ]; $algorithm = zot_best_algorithm($hub['site_crypto']); - $datatosend = json_encode(crypto_encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm)); + $datatosend = json_encode(Crypto::encapsulate(json_encode($data),$hub['hubloc_sitekey'], $algorithm)); $import = zot_zot($url,$datatosend); @@ -1272,7 +1273,7 @@ function zot_fetch($arr) { $result = zot_import($import, $arr['sender']['url']); if($result) { - $result = crypto_encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm); + $result = Crypto::encapsulate(json_encode($result),$hub['hubloc_sitekey'], $algorithm); return $result; } @@ -1314,7 +1315,7 @@ function zot_import($arr, $sender_url) { } if(array_key_exists('iv', $data)) { - $data = json_decode(crypto_unencapsulate($data,get_config('system','prvkey')),true); + $data = json_decode(Crypto::unencapsulate($data,get_config('system','prvkey')),true); } if(! is_array($data)) { @@ -1342,7 +1343,7 @@ function zot_import($arr, $sender_url) { $result = null; if(array_key_exists('iv',$i['notify'])) { - $i['notify'] = json_decode(crypto_unencapsulate($i['notify'],get_config('system','prvkey')),true); + $i['notify'] = json_decode(Crypto::unencapsulate($i['notify'],get_config('system','prvkey')),true); } logger('Notify: ' . print_r($i['notify'],true), LOGGER_DATA, LOG_DEBUG); 
@@ -2466,7 +2467,7 @@ function process_rating_delivery($sender, $arr) { dbesc($sender['hash']) ); - if((! $z) || (! rsa_verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) { + if((! $z) || (! Crypto::verify($arr['target'] . '.' . $arr['rating'] . '.' . $arr['rating_text'], base64url_decode($arr['signature']),$z[0]['xchan_pubkey']))) { logger('failed to verify rating'); return; } @@ -2652,7 +2653,7 @@ function sync_locations($sender, $arr, $absolute = false) { $arr['locations'][0]['primary'] = true; foreach($arr['locations'] as $location) { - if(! rsa_verify($location['url'],base64url_decode($location['url_sig']),$sender['key'])) { + if(! Crypto::verify($location['url'],base64url_decode($location['url_sig']),$sender['key'])) { logger('Unable to verify site signature for ' . $location['url']); $ret['message'] .= sprintf( t('Unable to verify site signature for %s'), $location['url']) . EOL; continue; @@ -3126,7 +3127,7 @@ function import_site($arr, $pubkey) { if( (! is_array($arr)) || (! $arr['url']) || (! $arr['url_sig'])) return false; - if(! rsa_verify($arr['url'], base64url_decode($arr['url_sig']), $pubkey)) { + if(! Crypto::verify($arr['url'], base64url_decode($arr['url_sig']), $pubkey)) { logger('Bad url_sig'); return false; } 
@@ -3509,12 +3510,12 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { if($keychange) { // verify the keychange operation - if(! rsa_verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) { + if(! Crypto::verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_prvkey'])) { logger('sync keychange: verification failed'); continue; } - $sig = base64url_encode(rsa_sign($channel['channel_guid'],$arr['channel']['channel_prvkey'])); + $sig = base64url_encode(Crypto::sign($channel['channel_guid'],$arr['channel']['channel_prvkey'])); $hash = make_xchan_hash($channel['channel_guid'],$sig); @@ -3551,7 +3552,7 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { foreach($h as $hv) { $hv['hubloc_guid_sig'] = $sig; $hv['hubloc_hash'] = $hash; - $hv['hubloc_url_sig'] = base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])); + $hv['hubloc_url_sig'] = base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])); hubloc_store_lowlevel($hv); } } @@ -4329,7 +4330,7 @@ function zot_rekey_request($sender,$data) { $xchan = $r[0]; - if(! rsa_verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) { + if(! Crypto::verify($data['new_key'],base64url_decode($data['new_sig']),$xchan['xchan_pubkey'])) { json_return_and_die($ret); } @@ -4367,7 +4368,7 @@ function zotinfo($arr) { $feed = ((x($arr,'feed')) ? intval($arr['feed']) : 0); if($ztarget) { - if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) { + if((! $zkey) || (! $zsig) || (! Crypto::verify($ztarget,base64url_decode($zsig),$zkey))) { logger('zfinger: invalid target signature'); $ret['message'] = t("invalid target signature"); return($ret); 
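Review bot: The keychange check in process_channel_sync_delivery passes `$channel['channel_prvkey']` as the key argument to `Crypto::verify()`, but a signature check needs the public key. Judging by change_channel_keys in include/channel.php, `new_sig` is made with the old private key over the new public key, so the verifier should use the old public key: `Crypto::verify($arr['channel']['channel_pubkey'],base64url_decode($arr['keychange']['new_sig']),$channel['channel_pubkey'])`. How `Crypto::verify()` treats a private-key PEM is not visible on this page, so the current call may reject every keychange or behave differently between OpenSSL builds. Either way it hands private key material to a routine that does not need it. The enclosing function continues outside the hunk.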
@@ -4531,7 +4532,7 @@ function zotinfo($arr) { // Communication details if($token) - $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey'],$sig_method)); + $ret['signed_token'] = base64url_encode(Crypto::sign('token.' . $token,$e['channel_prvkey'],$sig_method)); $ret['guid'] = $e['xchan_guid']; @@ -4587,7 +4588,7 @@ function zotinfo($arr) { // because ztarget refers to an xchan and we don't necessarily know the origination // location. - $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey) : $permissions); + $ret['permissions'] = (($ztarget && $zkey) ? crypto_encapsulate(json_encode($permissions),$zkey,) : $permissions); if($permissions['view_profile']) $ret['profile'] = $profile; @@ -4622,9 +4623,9 @@ function zot_site_info($channel_key = '') { $ret['site'] = []; $ret['site']['url'] = z_root(); if($channel_key) { - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$channel_key,$sig_method)); + $ret['site']['url_sig'] = base64url_encode(Crypto::sign(z_root(),$channel_key,$sig_method)); } - $ret['site']['url_site_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); + $ret['site']['url_site_sig'] = base64url_encode(Crypto::sign(z_root(),$signing_key,$sig_method)); $ret['site']['post'] = z_root() . '/post'; $ret['site']['openWebAuth'] = z_root() . '/owa'; $ret['site']['authRedirect'] = z_root() . '/magic'; @@ -4644,8 +4645,8 @@ function zot_site_info($channel_key = '') { $ret['site']['directory_url'] = z_root() . '/dirsearch'; - $ret['site']['encryption'] = crypto_methods(); - $ret['site']['signing'] = signing_methods(); + $ret['site']['encryption'] = Crypto::methods(); + $ret['site']['signing'] = Crypto::signing_methods(); $ret['site']['zot'] = Zotlabs\Lib\System::get_zot_revision(); // hide detailed site information if you're off the grid 
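Review bot: The permissions line in zotinfo (hunk -4587,7 +4588,7) still calls the legacy helper, and the only edit is an added trailing comma: `crypto_encapsulate(json_encode($permissions),$zkey,)`. A trailing comma in a call is a parse error before PHP 7.3, and the call bypasses the `Crypto` class that every other encapsulate call in this commit moves to. I would write `Crypto::encapsulate(json_encode($permissions),$zkey)`. Pass an explicit algorithm if the new method has no default for its third parameter; its signature is not shown on this page.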
@@ -4724,7 +4725,7 @@ function check_zotinfo($channel, $locations, &$ret) { // the sys channel must have a location (hubloc) $valid_location = false; if((count($locations) === 1) && ($locations[0]['primary']) && (! $locations[0]['deleted'])) { - if((rsa_verify($locations[0]['url'],base64url_decode($locations[0]['url_sig']),$channel['channel_pubkey'])) + if((Crypto::verify($locations[0]['url'],base64url_decode($locations[0]['url_sig']),$channel['channel_pubkey'])) && ($locations[0]['sitekey'] === get_config('system','pubkey')) && ($locations[0]['url'] === z_root())) $valid_location = true; @@ -4752,7 +4753,7 @@ function check_zotinfo($channel, $locations, &$ret) { 'hubloc_network' => 'zot', 'hubloc_primary' => 1, 'hubloc_url' => z_root(), - 'hubloc_url_sig' => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])), + 'hubloc_url_sig' => base64url_encode(Crypto::sign(z_root(),$channel['channel_prvkey'])), 'hubloc_host' => App::get_hostname(), 'hubloc_callback' => z_root() . '/post', 'hubloc_sitekey' => get_config('system','pubkey'), @@ -4931,7 +4932,7 @@ function zot_reply_ping() { $ret['success'] = true; $ret['site'] = array(); $ret['site']['url'] = z_root(); - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),get_config('system','prvkey'))); + $ret['site']['url_sig'] = base64url_encode(Crypto::sign(z_root(),get_config('system','prvkey'))); $ret['site']['sitekey'] = get_config('system','pubkey'); json_return_and_die($ret); 
@@ -4979,10 +4980,10 @@ function zot_reply_pickup($data) { logger('mod_zot: Checking sitekey: ' . $sitekey, LOGGER_DATA, LOG_DEBUG); - if(rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) { + if(Crypto::verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) { $forgery = false; } - if(rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) { + if(Crypto::verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) { $secret_fail = false; } if((! $forgery) && (! $secret_fail)) @@ -5076,7 +5077,7 @@ function zot_reply_pickup($data) { ); $algorithm = zot_best_algorithm(($x) ? $x[0]['site_crypto'] : ''); - $encrypted = crypto_encapsulate(json_encode($ret),$sitekey,$algorithm); + $encrypted = Crypto::encapsulate(json_encode($ret),$sitekey,$algorithm); json_return_and_die($encrypted); // @FIXME: There is a possibility that the transmission will get interrupted @@ -5133,7 +5134,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { // First verify their signature. We will have obtained a zot-info packet from them as part of the sender // verification. - if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { + if ((! $y) || (! Crypto::verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) { logger('mod_zot: auth_check: sender not found or secret_sig invalid.'); $ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL; 
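Review bot: In zot_reply_auth_check (hunk -5133,7 +5134,7) the failure branch appends `print_r($y,true)` to `$ret['message']`, so a sender whose `secret_sig` fails verification appears to get the contents of `$y` echoed back in the reply. The query that fills `$y` is outside the hunk, but the `xchan_pubkey` index suggests it holds xchan rows, and database rows belong in the log rather than the response. I would keep the reply generic with `$ret['message'] .= 'sender not found or sig invalid' . EOL;` and move the dump into a `logger()` call at `LOGGER_DATA` level.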
@@ -5158,7 +5159,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { json_return_and_die($ret); } - $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); + $confirm = base64url_encode(Crypto::sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); // This additionally checks for forged sites since we already stored the expected result in meta // and we've already verified that this is them via zot_gethub() and that their key signed our token -- cgit v1.2.3